summaryrefslogtreecommitdiff
path: root/src/providers/ldap/sdap_child_helpers.c
AgeCommit message (Collapse)AuthorFilesLines
2012-10-12Collect krb5 trace on high debug levelsJakub Hrozek1-1/+1
If the debug level contains SSSDBG_TRACE_ALL, then the logs would also include tracing information from libkrb5. https://fedorahosted.org/sssd/ticket/1539
2012-10-04Remove unused variableJakub Hrozek1-6/+0
2012-10-02remove left over principal selectionPavel Březina1-21/+0
https://fedorahosted.org/sssd/ticket/1303 Domain start up was taking too long when there are many principals in a kerberos keytab. We were looking up in the keytab two times. The first time we try to select a proper principal and remember it. The second call happens almost right after the first one and it is just a check if the principal exists in the keytab, without any output information other than success/failure. It is probably a left over from https://fedorahosted.org/sssd/ticket/781. This patch removes the second call.
2012-05-01execv, excvp and exec_child never return EOKStef Walter1-5/+3
* So don't need to handle that case
2011-12-19Move child_common routines to utilStephen Gallagher1-1/+1
2011-09-28Multiline macro cleanupJakub Hrozek1-1/+1
This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again.
2011-04-25Modify principal selection for keytab authenticationJan Zeleny1-2/+7
Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
2010-10-13Make ldap_child report kerberos return code to parentJakub Hrozek1-7/+16
2010-08-03Validate keytab at startupJakub Hrozek1-0/+16
In addition to validating the keytab everytime a TGT is requested, we also validate the keytab on back end startup to give early warning that the keytab is not usable. Fixes: #556
2010-07-09GSSAPI ticket expiry time is returned from ldap_child and stored in ↵eindenbom1-5/+18
sdap_handle for future reference.
2010-06-09Fix realm_str dereferenceJakub Hrozek1-1/+1
Fixes: #508
2010-05-16Add ldap_krb5_ticket_lifetime optionSumit Bose1-2/+7
2010-05-16Properly set up SIGCHLD handlersStephen Gallagher1-10/+8
Instead of having all-purpose SIGCHLD handlers that try to catch every occurrence, we instead create a per-PID handler. This will allow us to specify callbacks to occur when certain children exit.
2010-03-03Improve safe alignment buffer handling macrosSimo Sorce1-11/+11
Make the counter optional so that alignment safe macros can be used also where there is no counter to update. Change arguments names so that they are not deceiving (ptr normlly identify a pointer) Turn the memcpy substitute into an inline function so that passing a pointer to rp and checking for it doesn't make the compiler spit lots of warnings.
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+462
Also update BUILD.txt